Home / malware Win32.Perlovga.A
First posted on 21 November 2011.
Source: BitDefenderAliases :
Win32.Perlovga.A is also known as Worm.Win32.Perlovga.A, Worm:Win32/Perlovga, W32/Perlovga.A.
Explanation :
This malware does the following actions when executed:
* launches "explorer.exe" with the system drive as parameter (which indirectly executes , if present, autorun.inf)
* copies itself into %windir% with the name "xcopy.exe"
* copies %windrive%host.exe into %windir%svchost.exe
* copies %windrive%autorun.inf into %windir%autorun.inf
* launches %windir%svchost.exeLast update 21 November 2011
